Nas-IP-Address regexp matching in hints/huntgroups working in 2.2.0 and not in 3.0.13
Gianni Costanzi
gianni.costanzi at gmail.com
Fri Dec 15 17:22:49 CET 2017
On Fri, Dec 15, 2017 at 12:42 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Dec 15, 2017, at 6:29 AM, Gianni Costanzi <gianni.costanzi at gmail.com>
> wrote:
> > So I've tried to implement the code I need to replicate what I was using in
> > older Freeradius:
> >
> > if (&User-Name =~ /^(xx[e0][0-9]{3})$/ \
> >     && NAS-IP-Address !~ /REGEXP/ \
> >     && NAS-IP-Address !~ /REGEXP/ \
> >     && NAS-IP-Address !~ /REGEXP/ \
> >     [...]
> >     && NAS-IP-Address !~ /REGEXP/ \
> >     && NAS-IP-Address !~ /REGEXP/) {
> >     update request {
> >         &User-Name := "%{User-Name}@myrealm"
> >     }
> > }
> >
> > The problem now is that there are too many conditions and radius server
> > does not start:
>
> As I suggested earlier... see "man rlm_passwd". You can create local
> groups for the NASes.
>
> i.e. instead of listing masses of regular expressions, just create a
> simple flat file with (a) the IP of the NAS, and (b) the group it should
> belong to. You can create a local "NAS-Group" attribute. See the
> rlm_passwd documentation for examples.
>
> Then in the "authorize" section, do:
>
> if ((User-Name =~ /regex/) && (NAS-Group == "foo")) {
> ...
> }
>
> > If I reduce the number of "&& NAS-IP-Address" rows it works.
>
> Using groups is simpler than large numbers of if / then / else
> conditions.
>
> Alan DeKok.
>
Thank you very much, I think I've understood now the whole picture, I
should be able to implement what I need with the passwd module (it seems to
work, looking at the first tests I've done).
I still don't understand when I should use &User-Name and when User-Name,
since both seem to work, but I need to read the manuals with more attention
(Always being in a hurry doesn't help).
Have a nice weekend
Gianni
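
A small model of the lookup described in the quoted reply, as an added example that is not part of the original thread or of FreeRADIUS: it parses a flat `ip:group` file and applies the `(User-Name =~ /regex/) && (NAS-Group == "foo")` condition with an exact-match group lookup instead of a chain of regular expressions. The file layout, the sample addresses and the function names are assumptions made for illustration; the User-Name pattern and the realm are the ones quoted in the thread.

```python
import ipaddress
import re

# Constructed sample file: one NAS per line, "ip:group" (layout is an assumption).
SAMPLE_NAS_FILE = """\
# ip:group
192.0.2.10:foo
192.0.2.11:foo
198.51.100.7:bar
"""

USER_RE = re.compile(r"^(xx[e0][0-9]{3})$")  # User-Name pattern quoted in the thread


def load_nas_groups(text):
    """Parse "ip:group" lines into a dict, rejecting malformed or duplicate entries."""
    groups = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip_text, sep, group = line.partition(":")
        if not sep or not group.strip():
            raise ValueError(f"line {lineno}: expected ip:group")
        # IPv4Address raises a ValueError subclass on a malformed address.
        ip = ipaddress.IPv4Address(ip_text.strip())
        if ip in groups:
            # A NAS listed twice would make its group ambiguous.
            raise ValueError(f"line {lineno}: {ip} listed twice")
        groups[ip] = group.strip()
    return groups


def rewrite_user_name(user_name, nas_ip, groups, wanted_group="foo"):
    """Model of: if ((User-Name =~ /regex/) && (NAS-Group == "foo")) { ... }"""
    # Exact-match lookup: 192.0.2.100 is never mistaken for 192.0.2.10.
    nas_group = groups.get(ipaddress.IPv4Address(nas_ip))
    if USER_RE.match(user_name) and nas_group == wanted_group:
        return f"{user_name}@myrealm"
    return user_name
```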